On 11 Feb 2019, at 15:55, Pedro Igor Silva <psilva(a)redhat.com> wrote:
Hi,
That is the expected behavior. The server fails with 403 in case your authorization
request does not resolve to any permission.
Regards.
Pedro Igor
On Mon, Feb 11, 2019 at 10:29 AM Alexey Titorenko <titorenko(a)dtg.technology> wrote:
Hello guys!
I would like to ask about the behaviour of the Authorization Client. I’m trying to get user
entitlements using the authorization client and see the following:
If permissions allow access to the resource and scope requested, then everything is OK —
I get back a token with the requested permissions added to it;
If permissions do not allow access to the resource, then I would expect a returned token
without any additional permissions added, but, instead, I get HTTP error 403 (not
authorised) from Keycloak.
Is this expected behaviour? Having a 403 when communicating with Keycloak makes me think that
my client is not authorised to make this call, while it seems that this is a signal about
the fact that access to the resource is not allowed.
Alexey
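One way a client can tell "evaluated, nothing granted" apart from "the call itself failed", as an added example that is not part of the original thread or Keycloak's own code. It assumes the 403 carries an OAuth-style JSON body with `error` set to `access_denied` and that granted permissions sit under the RPT's `authorization.permissions` claim; the function names and sample responses are constructed.

```python
import base64
import json


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload for reading only. No signature check is done here:
    the resource server that enforces access must still verify the RPT."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))


def entitlements(status: int, body: str) -> list:
    """Map a token-endpoint response to a list of granted permissions.

    200                 -> permissions carried in the returned RPT
    403 + access_denied -> request was evaluated, nothing granted: empty list
    anything else       -> the request itself failed (credentials, syntax): raise
    """
    try:
        data = json.loads(body) if body else {}
    except ValueError:
        data = {}
    if not isinstance(data, dict):
        data = {}
    if status == 200:
        claims = jwt_claims(data["access_token"])
        return claims.get("authorization", {}).get("permissions", [])
    if status == 403 and data.get("error") == "access_denied":  # assumed body shape
        return []
    raise RuntimeError(f"authorization request failed: HTTP {status} {data.get('error')}")


def fake_rpt(claims: dict) -> str:
    """Build an unsigned, constructed sample token (placeholder signature)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256'})}.{enc(claims)}.placeholder-signature"


# Constructed sample responses, not captured from a real server.
PERMS = [{"rsname": "report", "scopes": ["view"]}]
GRANTED = (200, json.dumps({"access_token": fake_rpt({"authorization": {"permissions": PERMS}})}))
DENIED = (403, '{"error": "access_denied", "error_description": "not_authorized"}')
BAD_CLIENT = (401, '{"error": "invalid_client"}')
```

Any 403 without the assumed `access_denied` body is treated as a failure rather than an empty entitlement set, so an unexpected proxy or gateway rejection is not silently read as "no permissions".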